PowerShell script to cleanup attributes in AD
#Author : Malik Haddad
#Author Email : Malik.Haddad@outlook.com
#Script Job : This script finds users located under a specific OU, selects the ones where a given attribute has a value (not null),
# and clears that attribute. It keeps track of the changes in CSV files stored on the server it runs on
# and sends an email with the file attached. You can schedule this script to run using a scheduled task.
## In order to use the script, all users that you need to clean up must be under a specific OU (you can change the filter to look for "disabled users only" if you would like).
#If you need to clear more attributes than those listed in the script below, all you have to do is get the exact attribute name from the Attribute Editor tab in AD and call the function with that name: "CLEARVALUE attname"
####################
#Values : Fill your own
#Distinguished name of the OU to clean up; CLEARVALUE uses it as its search base.
$ouToClear    = 'ou=OU,dc=domain,dc=com'
#Mail settings for the report sent at the end of the run.
$EmailFrom    = 'from@domain.com'
$EmailTo      = 'To@domain.com'
$EmailBody    = 'BODY'
$EmailServer  = 'smtp.domain.com'
$EmailSubject = 'Disabled Users Cleanup'
#Folder for the log file. The file is only created when the script finds non-null values to clear,
#and the script does not create the folder itself. The log keeps the values that were removed
#(phone numbers, addresses, ...), so restrict read access to this folder to administrators.
$LogFilePath  = 'C:\Logs'
####################
####################
#Take the current time once and turn it into the suffix used in the log file name:
#year_month_day,hour_minute (numbers are not zero-padded).
$date = Get-Date
$date1 = '{0}_{1}_{2},{3}_{4}' -f $date.Year, $date.Month, $date.Day, $date.Hour, $date.Minute
####################
############################################################
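#Generic Function that works for all value (AD Attribute) names
#
# CLEARVALUE <property>
#   Finds every user under $ouToClear whose <property> attribute has a value, appends
#   "name value" lines for them to this run's log file, then clears the attribute.
# Reads script variables : $ouToClear, $LogFilePath, $date1
# Parameter              : $property - attribute name as shown in the Attribute Editor tab
# Output                 : nothing on the pipeline; results are appended to the log file
# Throws                 : when $property is not a plain attribute name
# NOTE: users are selected only by search base and "attribute has a value". -SearchScope is
#       not set, so the cmdlet default applies (child OUs included), and enabled accounts
#       found there are modified as well.
function CLEARVALUE ($property)
{
    # $property is interpolated into the LDAP filter below. Accept only a plain attribute
    # descriptor (a letter, then letters, digits or hyphens) so that a stray parenthesis or
    # wildcard in the name cannot change which users the filter selects.
    if ("$property" -notmatch '\A[A-Za-z][A-Za-z0-9-]*\z') {
        throw "CLEARVALUE: '$property' is not a valid AD attribute name"
    }

    $logFile = "$($LogFilePath)\clearingad$($date1).csv"

    $value = Get-ADUser -SearchBase "$($ouToClear)" -ldapFilter "($($property)=*)" -Properties $($property)

    # $null on the left: with an array on the left, -ne filters the array instead of comparing.
    if ($null -ne $value) {
        "Users with $($property) found" >> $logFile #adds description into a csv file in location chosen above
        "name $($property)" >> $logFile

        $failed = 0
        foreach ($user in $value) {
            # $user already carries the attribute (requested with -Properties above), so the
            # old value is logged without a second Get-ADUser lookup.
            "$($user.name) $($user.$($property))" >> $logFile #dump results into a csv file in location chosen above

            # -ErrorAction Stop turns a failed clear into a catchable error, so the log does
            # not report an attribute as cleared when the change was refused.
            try {
                Set-ADUser -Identity $user -Clear $($property) -ErrorAction Stop
            }
            catch {
                $failed++
                "$($user.name) FAILED to clear $($property): $($_.Exception.Message)" >> $logFile
                Write-Warning "Could not clear $($property) for $($user.name): $($_.Exception.Message)"
            }
        }

        if ($failed -eq 0) {
            "$($property)s are now CLEARED for above users" >> $logFile
        }
        else {
            "$($property)s are now CLEARED for above users except $($failed) marked FAILED" >> $logFile
        }
        " " >> $logFile
    }
}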
############################################################
############################################################
#Every attribute named below is passed to CLEARVALUE, in the order listed.
#Any attribute shown in the "Attribute editor" tab in AD can be added to the list.
$attributesToClear = @(
    #general tab
    'showinaddressbook'          #this will hide the user from the addressbook
    'telephoneNumber'

    #Organization tab
    'title'
    'manager'
    'department'
    'company'

    #address tab
    'c'
    'co'
    'l'                          #clears the city name (get attribute name from attribute editor in AD)
    'postalCode'
    'postOfficeBox'
    'st'
    'streetAddress'

    #profile tab
    'profilepath'
    'scriptPath'
    'homedrive'
    'homeDirectory'

    #telephones tab
    'mobile'
    'pager'
    'ipphone'
    'homephone'
    'facsimileTelephoneNumber'
)

foreach ($attribute in $attributesToClear) {
    CLEARVALUE $attribute
}
############################################################
############################################################
#Check whether this run wrote a log file; if it did, mail it as an attachment to the
#address specified above. No file means nothing was cleared, so no mail is sent.
#NOTE(review): the attachment lists the directory values that were removed, and the call passes
#neither -UseSsl nor -Credential - confirm the relay and the mailbox are suitable for this data.
#
$reportFile = "$($LogFilePath)\clearingad$($date1).csv"
$filethere = Get-Item $reportFile -ErrorAction Ignore
if ($null -ne $filethere) {
    #Splatting keeps one parameter per line without backtick continuations.
    $mailParameters = @{
        From        = "$EmailFrom"
        To          = "$EmailTo"
        Subject     = "$EmailSubject"
        Attachments = $reportFile
        SmtpServer  = "$EmailServer"
        Body        = "$EmailBody"
    }
    Send-MailMessage @mailParameters
}
############################################################